Case Study: Major International Manufacturing Organization contains ransomware and restores operations within days with Critical Start

Manufacturer Stops Breach Cold, Thanks to CRITICALSTART Incident Response Services

Major International Manufacturing Organization, a manufacturer with more than 20 offices worldwide that shifted 85–90% of its office staff to remote work and was still integrating recent acquisitions, was hit by a ransomware attack that spread across databases, VMware and file servers. Facing the risk of prolonged downtime and constrained by the need for rapid action, the company engaged Critical Start for Incident Response services to contain the breach and restore operations.

Critical Start deployed Carbon Black Response and Cylance Protect, used rapid DFIR techniques to identify the ransomware and associated scripts within an hour, isolated and blacklisted infected machines, and removed the malware rather than just restoring backups. The team rebuilt active directories, performed forensic and log analyses, and monitored systems for about three months; as a result, the manufacturer was back up and shipping by Monday around lunch after the Friday-afternoon incident—avoiding the days or weeks of downtime typical for such attacks.